11 |
Anotace NetFlow dat z pohledu bezpečnosti / Annotation of NetFlow Data from Perspective of Network Security
Kadletz, Lukáš January 2016
This thesis describes the design and implementation of an application for offline annotation of NetFlow data from the perspective of network security. It explains the NetFlow architecture in detail, along with methods for detecting security incidents in the captured data. The application design is based on an analysis of manual annotation and is supported by several UML diagrams. The Nemea system is used for detecting security events, and the Warden system serves as a source of information about reported security incidents on the network. The application uses technologies such as PHP 5, the Nette framework, the jQuery library and the Bootstrap framework. The CESNET association provided NetFlow data for testing the application. The result of this thesis could be used for analysis and annotation of NetFlow data. The resulting data set could be used to verify the proper functionality of detection tools.
|
12 |
Attack graph approach to dynamic network vulnerability analysis and countermeasures
Hamid, Thaier K. A. January 2014
It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This research proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem’s parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. An attack graph (AG) is a security model representing the chains of vulnerability exploits in a network. A number of researchers have acknowledged the attack graph visual complexity and a lack of in-depth understanding. Current attack graph tools are constrained to only limited attributes or even rely on hand-generated input. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions are frequently created by hand, or based on limited data. The network architectures and configurations along with the interactions between the individual vulnerabilities are considered in the method of computing the Cost using the DVSS and a dynamic cost-centric framework. 
A new methodology was built up to present an attack graph with a dynamic cost metric based on DVSS and also a novel methodology to estimate and represent the cost-centric approach for each host’s states was followed out. A framework is carried out on a test network, using the Nessus scanner to detect known vulnerabilities, implement these results and to build and represent the dynamic cost centric attack graph using ranking algorithms (in a standardised fashion to Mehta et al. 2006 and Kijsanayothin, 2010). However, instead of using vulnerabilities for each host, a CostRank Markov Model has been developed utilising a novel cost-centric approach, thereby reducing the complexity in the attack graph and reducing the problem of visibility. An analogous parallel algorithm is developed to implement CostRank. The reason for developing a parallel CostRank Algorithm is to expedite the states ranking calculations for the increasing number of hosts and/or vulnerabilities. In the same way, the author intends to secure large scale networks that require fast and reliable computing to calculate the ranking of enormous graphs with thousands of vertices (states) and millions of arcs (representing an action to move from one state to another). In this proposed approach, the focus is on a parallel CostRank computational architecture to appraise the enhancement in CostRank calculations and scalability of the algorithm. In particular, a partitioning of input data, graph files and ranking vectors with a load balancing technique can enhance the performance and scalability of CostRank computations in parallel. A practical model of analogous CostRank parallel calculation is undertaken, resulting in a substantial decrease in calculations communication levels and in iteration time. The results are presented in an analytical approach in terms of scalability, efficiency, memory usage, speed up and input/output rates.
Finally, a countermeasures model is developed to protect against network attacks by using a Dynamic Countermeasures Attack Tree (DCAT). The following scheme is used to build the DCAT tree: (i) use the scalable parallel CostRank Algorithm to determine the critical asset that system administrators need to protect; (ii) track the Nessus scanner to determine the vulnerabilities associated with the asset using the dynamic cost centric framework and DVSS; (iii) check out all published mitigations for all vulnerabilities; (iv) assess how well the security solution mitigates those risks; (v) assess the DCAT algorithm in terms of effective security cost, probability and cost/benefit analysis to reduce the total impact of a specific vulnerability.
|
13 |
Computer Network Attack som olovligt våld : en fråga om association, effekt, aktör och mål / Computer Network Attack as Unlawful Force: A Question of Association, Effect, Actor and Target
de Waern, Henrik January 2009
In Estonia in 2007, what has come to be called "Cyberwar I" broke out, in which the servers of a large number of central government authorities, as well as financial institutions, were attacked by massive so-called Computer Network Attacks (CNA), carried out primarily by Russian actors. Estonia protested loudly, but the question of whether CNA is to be characterised as unlawful is anything but clear. The assessment is made against the international-law regime of Jus ad Bellum, and whether the method fulfils certain central concepts. But how should this regime be applied to CNA?
The questions to be answered are: how can CNA constitute force or threat of force under Article 2(4) of the UN Charter, and how can CNA constitute an armed attack under Article 51 of the UN Charter? This is to be done through a study covering the theories of several international-law experts in the area of CNA and the use of force, and the application of these to a case study of the events in Estonia in 2007.
In summary, it is found that several variables bear on how CNA can fulfil the articles' central concepts, among which the questions of association, effect, actor and target stand out most clearly. A subsequent discussion shows, however, that the variables are to be regarded only as indications of how CNA can be classified as unlawful, and that only state practice can give the final assessment.
|
15 |
Anti-sensor Network: Distortion-based Distributed Attack In Wireless Sensor Networks
Karaaslan, Ibrahim 01 February 2008
In this thesis, a novel anti-sensor network paradigm is introduced against wireless sensor networks (WSN). Anti-sensor network (ASN) aims to destroy application reliability by adaptively and anonymously introducing an adequate level of artificial distortion into the communication of the event features transported from the sensor nodes (SN) to the sink. ASN is composed of anti-sensor nodes (aSN) randomly distributed over the sensor network field. aSNs pretend to be SNs to maintain anonymity and so improve resiliency against attack detection and prevention mechanisms. Performance evaluations via mathematical analysis and simulation experiments show that ASN can effectively reduce the application reliability of WSN.
|
16 |
Nový MHP rámec pro kybernetickou válku / New IHL Framework for Cyber Warfare
Knopová, Eva January 2016
Regarding the increasing number of revealed cyber-attacks aimed at public facilities, including governmental ones, by what seem to be other state actors, this thesis aims to reveal the major importance of cyber warfare, point out the fatal vacuum regarding the IHL framework currently in force and suggest its completion by a new IHL convention, which would regulate cyberwarfare in International Armed Conflicts. In order to provide well-structured and pertinent arguments to support its main points, the thesis uses methods of qualitative analysis of the current IHL sources including international treaties, customary law and work of the main institutions of international justice along with work of judicial scholars and cyber experts. The work contains five main chapters. The first chapter presents the underlying principles of Laws of Wars, including its theory, history and development; and focuses on one of its three main regimes - the International Humanitarian Law. The second part is dedicated to the topic of cyber warfare, defines its scope as computer network attacks, explains their classification system, analyses their effects and provides examples of such attacks. The third chapter focuses on the issue of the current legal vacuum in relation to cyber...
|
17 |
Data-Driven Computing and Networking Solution for Securing Cyber-Physical Systems
Yifu Wu (18498519) 03 May 2024
In recent years, a surge in data-driven computation has significantly impacted security analysis in cyber-physical systems (CPSs), especially in decentralized environments. This transformation can be attributed to the remarkable computational power offered by high-performance computers (HPCs), coupled with advancements in distributed computing techniques and sophisticated learning algorithms like deep learning and reinforcement learning. Within this context, wireless communication systems and decentralized computing systems emerge as highly suitable environments for leveraging data-driven computation in security analysis. Our research endeavors have focused on exploring the vast potential of various deep learning algorithms within the CPS domains. We have not only delved into the intricacies of existing algorithms but also designed novel approaches tailored to the specific requirements of CPSs. A pivotal aspect of our work was the development of a comprehensive decentralized computing platform prototype, which served as the foundation for simulating complex networking scenarios typical of CPS environments. Within this framework, we harnessed deep learning techniques such as restricted Boltzmann machine (RBM) and deep convolutional neural network (DCNN) to address critical security concerns such as the detection of Quality of Service (QoS) degradation and Denial of Service (DoS) attacks in smart grids. Our experimental results showcased the superior performance of deep learning-based approaches compared to traditional pattern-based methods. Additionally, we devised a decentralized computing system that encompassed a novel decentralized learning algorithm, blockchain-based learning automation, distributed storage for data and models, and cryptography mechanisms to bolster the security and privacy of both data and models.
Notably, our prototype demonstrated excellent efficacy, achieving a fine balance between model inference performance and confidentiality. Furthermore, we delved into the integration of domain knowledge from CPSs into our deep learning models. This integration shed light on the vulnerability of these models to dedicated adversarial attacks. Through these multifaceted endeavors, we aim to fortify the security posture of CPSs while unlocking the full potential of data-driven computation in safeguarding critical infrastructures.
|